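#!/usr/bin/sh
#----------------------------------------------------------------------------------
# /var/install/bin/certs-update-hashes - script to create certificate hashes
#
# Copyright (c) 2016-2025 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2016-02-16  jed
# Last Update:  $Id$
#
# Usage: certs-update-hashes
#        or
#        certs-update-hashes [--quiet] --certdir|--crldir|--both
#                            [--path absolute-path]
#
#        --quiet              - suppress any screen output
#        --certdir            - update hashes in certs directory
#        --crldir             - update hashes in crl directory
#        --both               - update hashes in certs and crl directory
#
#        --path absolute-path - overwrite default paths
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib
. /var/install/include/jedlib

pgmname=${0##*/}

# activate debug output
#debug_certs=true

if ${debug_certs:-false}
then
    # The trace file is created by mktemp instead of using a PID-based name:
    # a predictable name in the world-writable /tmp could be pre-created (or
    # symlinked) by another local user before this script opens it.
    trace_log=$(mktemp "/tmp/${pgmname}-trace.XXXXXX") || exit 1
    exec 2> "${trace_log}"
    set -x
    ask_debug=true
    export ask_debug
fi

ssldir=/usr/local/ssl
certdir=${ssldir}/certs
crldir=${ssldir}/crl

ask_bin=/var/install/bin/ask
ask_tmpfile=''                  # created with mktemp right before each question
rehash_bin=/usr/bin/openssl

cmd=''
force_quiet_run=0
runmode='interactive'
work_dir=''

# read parameter(s)
while [ $# -gt 0 ]
do
    case "$1" in
        *-certdir|*-crldir|*-both )
            cmd="$1"
            runmode='batch'
            shift
            ;;
        *-path )
            # The argument may hold several directories separated by blanks,
            # so it is split on purpose; every entry must be an existing
            # directory, otherwise the option is ignored.
            # NOTE(review): when --path is combined with --certdir/--crldir/
            # --both, the selection below replaces work_dir with the default
            # directories again - confirm whether --path should take precedence.
            missing_dir=0
            # shellcheck disable=SC2086
            for DNAME in ${2:-}
            do
                if [ ! -d "${DNAME}" ]
                then
                    missing_dir=1
                fi
            done

            # an absent or empty argument must not switch to batch mode
            if [ -n "${2:-}" ] && [ ${missing_dir} -eq 0 ]
            then
                work_dir="$2"
                runmode='batch'
            fi

            # only shift the value away if there is one; shifting past the
            # end of the argument list is an error in some shells
            shift
            if [ $# -gt 0 ]
            then
                shift
            fi
            ;;
        *-quiet )
            # suppress all screen outputs
            force_quiet_run=1
            shift
            ;;
        * )
            break
            ;;
    esac
done

endflag=0
until [ ${endflag} -eq 1 ]
do
    if [ "${runmode}" = 'interactive' ]
    then
        ### interactive mode ###
        work_dir=''

        # print header
        clrhome
        mecho --info "Create/update certificate hashes"
        echo
        echo ' 1 - certificate folder'
        echo ' 2 - certificate revocation list folder'
        echo ' 3 - certificate and revocation list folder'
        echo

        # The answer is passed through a private file created by mktemp;
        # a predictable /tmp name must not be used as a redirection target.
        ask_tmpfile=$(mktemp "/tmp/${pgmname}-ask.XXXXXX") || exit 1
        ${ask_bin} 'which hashes should be updated, (1-3) (q)uit' 'q' '+' > "${ask_tmpfile}"
        rc=$?
        read -r cmd < "${ask_tmpfile}"
        rm -f "${ask_tmpfile}"
        ask_tmpfile=''

        if [ ${rc} -eq 255 ]
        then
            exit 1
        fi
    else
        # Batch mode makes exactly one pass. Setting the flag here guarantees
        # termination even if no directory ends up being processed below.
        endflag=1
    fi

    case "${cmd}" in
        1|*-certdir )
            # certs directory
            work_dir="${certdir}"
            ;;
        2|*-crldir )
            work_dir="${crldir}"
            ;;
        3|*-both )
            work_dir="${certdir} ${crldir}"
            ;;
        [qQ] )
            # quit
            endflag=1
            work_dir=''
            ;;
        * )
            # not in range
            if [ "${runmode}" = 'interactive' ]
            then
                echo
                mecho --error "Error: input not in range, try again!"
                echo
                anykey
            fi
            ;;
    esac

    if [ -n "${work_dir}" ]
    then
        # work_dir is a blank separated list, so it is split on purpose
        # shellcheck disable=SC2086
        for DNAME in ${work_dir}
        do
            if [ "${runmode}" = 'interactive' ]
            then
                echo
            fi

            # NOTE(review): the exit status of the rehash run is not evaluated,
            # and in quiet mode its error output is discarded as well.
            if [ ${force_quiet_run} -eq 1 ]
            then
                # be quiet
                "${rehash_bin}" rehash -compat "${DNAME}/" > /dev/null 2>&1
            else
                "${rehash_bin}" rehash -compat "${DNAME}/"
                echo
            fi
        done

        /var/install/config.d/certs.sh --copycrlhashes

        if [ "${runmode}" = 'interactive' ]
        then
            anykey
        fi
    fi
done

# defensive: remove a leftover answer file, if any
if [ -n "${ask_tmpfile}" ]
then
    rm -f "${ask_tmpfile}"
fi

exit 0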